aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorArmin Kuster <akuster@mvista.com>2018-08-05 22:03:27 -0700
committerRichard Purdie <richard.purdie@linuxfoundation.org>2018-08-06 16:24:03 +0100
commit6d092834bd4847c2ab965bc55420304b43b579fa (patch)
treed6aa8a548c9ff74bd62215940a35fd4088bd6c79
parentea6a69cb83fa128ca8606d9e5f5cbb8cd89df1f1 (diff)
downloadpoky-6d092834bd4847c2ab965bc55420304b43b579fa.tar.gz
poky-6d092834bd4847c2ab965bc55420304b43b579fa.tar.bz2
poky-6d092834bd4847c2ab965bc55420304b43b579fa.zip
binutls: Security fix CVE-2018-10373
Affects <= 2.30 (From OE-Core rev: 3c83b9be884015e238249c0382299aedf4d81459) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r--meta/recipes-devtools/binutils/binutils-2.30.inc1
-rw-r--r--meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch45
2 files changed, 46 insertions, 0 deletions
diff --git a/meta/recipes-devtools/binutils/binutils-2.30.inc b/meta/recipes-devtools/binutils/binutils-2.30.inc
index 89957154c1..7b1705e8eb 100644
--- a/meta/recipes-devtools/binutils/binutils-2.30.inc
+++ b/meta/recipes-devtools/binutils/binutils-2.30.inc
@@ -43,6 +43,7 @@ SRC_URI = "\
file://CVE-2018-7208.patch \
file://CVE-2018-7569.patch \
file://CVE-2018-7568.patch \
+ file://CVE-2018-10373.patch \
"
S = "${WORKDIR}/git"
diff --git a/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
new file mode 100644
index 0000000000..d547cf1154
--- /dev/null
+++ b/meta/recipes-devtools/binutils/binutils/CVE-2018-10373.patch
@@ -0,0 +1,45 @@
+From 6327533b1fd29fa86f6bf34e61c332c010e3c689 Mon Sep 17 00:00:00 2001
+From: Nick Clifton <nickc@redhat.com>
+Date: Tue, 17 Apr 2018 14:30:07 +0100
+Subject: [PATCH] Add a check for a NULL table pointer before attempting to
+ compute a DWARF filename.
+
+ PR 23065
+ * dwarf2.c (concat_filename): Check for a NULL table pointer.
+
+Upstream-Status: Backport
+Affects: Binutils <= 2.30
+CVE: CVE-2018-10373
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+---
+ bfd/ChangeLog | 5 +++++
+ bfd/dwarf2.c | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+Index: git/bfd/dwarf2.c
+===================================================================
+--- git.orig/bfd/dwarf2.c
++++ git/bfd/dwarf2.c
+@@ -1565,7 +1565,7 @@ concat_filename (struct line_info_table
+ {
+ char *filename;
+
+- if (file - 1 >= table->num_files)
++ if (table == NULL || file - 1 >= table->num_files)
+ {
+ /* FILE == 0 means unknown. */
+ if (file)
+Index: git/bfd/ChangeLog
+===================================================================
+--- git.orig/bfd/ChangeLog
++++ git/bfd/ChangeLog
+@@ -1,3 +1,8 @@
++2018-04-17 Nick Clifton <nickc@redhat.com>
++
++ PR 23065
++ * dwarf2.c (concat_filename): Check for a NULL table pointer.
++
+ 2018-01-29 Alan Modra <amodra@gmail.com>
+
+ PR 22741